Cross-Site Scripting (XSS)

🗓️ 02 Apr 2023 13:20:04Reported by Veracode Vulnerability DatabaseType

rails vulnerability to Cross-Site Scripting (XSS) due to lack of input sanitizatio

Reporter	Title	Published	Views	Family All 34
Circl	CVE-2023-23913	8 Sep 202301:57	–	circl
CNNVD	Rails 安全漏洞	9 Jan 202500:00	–	cnnvd
CVE	CVE-2023-23913	9 Jan 202500:33	–	cve
Cvelist	CVE-2023-23913	9 Jan 202500:33	–	cvelist
Debian	[SECURITY] [DSA 5389-1] rails security update	14 Apr 202316:39	–	debian
Debian CVE	CVE-2023-23913	9 Jan 202500:33	–	debiancve
Tenable Nessus	Debian DSA-5389-1 : rails - security update	15 Apr 202300:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:3813-1)	28 Sep 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-23913	27 Aug 202500:00	–	nessus
Github Security Blog	rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements	9 Jun 202322:41	–	github

Vulners

Node

rubyonrails railsMatch2:6.0.3.4+dfsg-1debian

AND

rubyonrails railsMatch2:6.0.3.4+dfsg-1debian

AND

rubyonrails railsRange5.1.0.beta1–6.1.7.3os

rubyonrails railsRange7.0.0.alpha1–7.0.4.2os

Source	Link
github	www.github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd
github	www.github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-23913
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
discuss	www.discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
security	www.security.netapp.com/advisory/ntap-20240605-0007/
debian	www.debian.org/security/2023/dsa-5389

21 Jun 2023 12:27Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.3

EPSS0.00207

SSVC